Skip to main content

tv   Discussion on Credit Card Chip Technology  CSPAN  May 7, 2016 4:50pm-6:20pm EDT

4:50 pm
consumers are still vulnerable to comment forms of credit card fraud. i believe the chip enabled cards must be coupled with personal identification numbers or pins. there is a two factor authentication system and that has been used around the world to effectively combat fraud for years. along with the chip, each card requires a unique pin that must be entered when making a transaction. should a thief steal a card, it would be useless without knowing the pen. we could extend those protections even further if we had more robust mechanisms available to consumers to securely use pins during online transactions. the technology exists to securely use them online. it's just not widely used. evidence of benefits and a heightened security protections
4:51 pm
were highlighted in president obama's executive order that required technology for government issued credit cards and in a pride of the old terminals at federal buildings. others have recognized that security benefits of combining chip cards with pins. in the last two weeks, discover, one of the largest card brands, embraced the willingness to use pins. new york had a consumer alert stating in part that chip cards that require a personal identification number could be entered at a point-of-sale to make a purchase and they are the most secure. over the last year, the payment industry has rebutted arguments in favor of this by saying one day we will move beyond the pen.
4:52 pm
even if that's true, there will always be a better technology available down the road. it doesn't make sense to make the american public stand by and wait for an alternative while they remain susceptible to fraud. traditional credit and debit cards account for the overwhelming majority of all transactions in the united states today. credit cards be the preferred method of payment for consumers for years to come. we must ensure we are using every credible means to safeguard those transactions now. that means embracing chips and pins. i would like to try over to camille fisher. she is the policy advisor with
4:53 pm
the white house economic council. she will speak about what the administration is doing to protect consumers. thank you. [applause] camille fisher: thank you. it's a pleasure to be here with you to talk about the security initiative. the hallmark is that every step the administration took the private sector ran with. the could not be here today without your commitment. i hope our cooperation lives on. i think our initiative can teach the next guy a thing or two. we launched our cyber security plan. we needed to take a hard look at our infrastructure and update security. some of you continue to do that. we also announced new milestones.
4:54 pm
the issued over 2.5 million chip cards for government accounts. we have deployed our entire fleet of treasury issued chip card readers. in this case, we needed to take the administrative security step that many of you have and are taking. it's a process. if we could cut through the red tape, it can be done. in addition to the milestone, there was a first time that we are the largest users of this's more secure technology in the world. i got a lot of internal spec for saying that. no one would believe we are ahead of european countries who is. faster and earlier. i've been talking with industry and the numbers speak for themselves. if you look at fisa, they issued
4:55 pm
18 million cards. now the have issued 265 million cards. mastercard and discover are much the same. american policy has a chance to be the strongest. we are the leaders in the security tech knowledge he because we work together. now is the time to make sure we have the will to use it. adopting and turning on the terminals has been a longer process. i've have been encouraged by the steps you have taken. target and home depot are right there with us. they announced an upgrade in 2014. three fourths of transactions occur in small merchants. we have been able to communicate the need. this effort has taught me that innovation and smart implementable steps are fundamental in securing the financial system by giving consumers the tools to take care of their own security. in the final phase, we hope this can become a one-stop shop for victims of identity theft to get
4:56 pm
the tools they need to protect themselves. we have also been able to fill in gaps. through the open access program, over 150 million consumers can now access their fica scores. many other banks and networks have already done this. we realize that chip alone is not enough. mastercard has revealed a phased out rollout of biometric authentication. listening to the complaints some of had about the chip card experience, a faster way to authenticate transactions. we are also engaged with our partners to launch cyber security campaigns.
4:57 pm
other users can take steps to secure their online accounts. we're focusing on multiple factors. each company has a role to play. in closing, i hope my remarks have taken the fear of innovation and it will last through the administration. debra: thank you. that was great. it's a little narrow back here. we are going to move to our three panelists that we have joining us. you have their bios in your packets so you can follow along. as we introduce them, we have a scott albert from the electronic
4:58 pm
transaction association. we have liz garner from the merchant advisory group. steve who is the president of the american consumer institute center for citizen research. thank you for joining us. we look forward to your remarks as well as the discussion that will follow. let me start things off with scott talbott. let me ask you if you could tell us what the payment industry is doing to protect consumers and provide your thoughts on the transition that has happened so
4:59 pm
far? scott: thanks for having me. i represent the transaction association. we are a trade association that represents 500 companies that focus on the payment system. we ensure that payments are faster and more secure. everything we do is geared toward those goals to make sure the transaction go through. in terms of the migration, this is a major change. it's a major upgrade in our system. we have gone from the magnetic stripe, that was used in cassette tapes and most of you don't know what they are. you used to stick them in your car and rewind with a pencil. it's the same tech knowledge he that was used in those cassette
5:00 pm
tapes. it's been used since the late 60's. this is a major change. when you look at the marketplace, we have 1.2 million cards in america that need to be upgraded. we've got about 9 million merchants that need to be upgraded. we have a number of banks and other players who are part of this process going through this migration. this is not a government mandate. this is not a regulation. this is something initiated by the industry to make transactions more secure. we are about seven months in. half of the cards in america now have chips. if there is anybody who does not have a card, i would be surprised. 70% of americans have a chip card. we are ahead of every other region in the world in terms of
5:01 pm
the number of cards that are in circulation at this point. we are halfway done with the cards and we expect the other have to be issued this year. by the end of this year, most of the cards if not all of them will be upgraded. there were always the sum lagging. about 37% of merchants have upgraded to chip. if you break those out, the large merchants are largely ready. the small merchants are about ready. we will talk about the middle group and little bit. merchants are well on their way to upgrading the chip. let's focus on what it does. we have $6 trillion in payments. there will be a lot of fraud and the chip is aimed at ending counterfeit frauds used in
5:02 pm
stores. they create a counterfeit card and they walk into a store to make a purchase. the usually focus on electronics. they make a purchase with your account number on a fake card. what the chip card does is creates a computer chip in the card. it creates a one time code that travels along with your account number when the merchant sends the instructions to the bank that issued the card. that code it cannot be replicated i the thief. if they do not know that code, your account number is useless to them. that's we are talking about. it's expected to decline. it does not work in an online scenario unless you have a chip reader at your house. i don't and i work for the
5:03 pm
industry. it does not work for lost or stolen cards. it hits the largest source of product, in-store purchases. we are about seven months in a we see some trends. we see it moving from those merchants that are ready to merchants that are not chip ready as you expect. we see it move from the in-store to online as we saw in europe and other countries. the process for a merchant to become chip ready is called the testing and certification phase. every merchant must go through this. we can talk about more details on how it works. sometimes it simple if you are a one terminal merchant. you can use something like this which attaches to the cell phone. this makes this instantly ready to take chip cards. if you are a big-box retailer, they have spent many months getting ready for this transition. where we see challenges are the midsized retailers. they have systems that are somewhat complex but not as complex as the big guys. in terms of the certification process, everything that is part
5:04 pm
of the transaction has to be certified. if you're using something and by this off-the-shelf, this has been pretty certified. in the case of a big-box retailer in your system has to be tested. those metal merchants are where we run into problems. many of them have add-on software packages that have to be tested. they use their terminals for inventory, payroll, rewards programs. everything that stands between the merchant and the payment network has to be certified. why do we need to test this? anyone of those software programs can be used as an access point for thieves. everything that's part of the terminal has to be tested. this has caused some delays in
5:05 pm
the system getting those merchants with those add-ons tested and certified. i think those are the major pieces. i am happy to talk about other points. let me turn it back over to. debra: we will have time to get back to some of those points you made. the other panelists can talk about those as well. i want to turn to liz now and ask about what the retailers are doing to protect consumers and your thoughts about the transition. if you could talk about chip and pins. liz: thank you for having me here today. we represent some of the largest merchants, including those that
5:06 pm
are heavily franchised. when i listen to scott talk, i reminded that 60% of the time we agree. especially about the rollout here in the u.s.. where we are going to vary a little bit is on not the details of the certification, that some of the terminology and we will get into that. our definition of a small margin and a large merchant might be different as far as who's been the most challenged with the process. i think it's important to note that global card fraud is some of the worst in the world. as of last summer, we are about 50% of total global card fraud. that is abysmal. we needed to make a change. this is one tool toward getting a more secure environment. it's not a silver bullet. it is a major change in upgrade we are going through. unfortunately, a byproduct of
5:07 pm
that is being put to the side. it's being john conjunctival he with appointment. there is a lot of research being done at the merchant point-of-sale to make sure these transactions are protected better. when we look at how this has gone, the biggest challenge for merchants is they installed hardware a year ago. they have not been able to get tested and certified. they are simply waiting. there are several small businesses who testified last october who said they were having challenges and they are still not certified. that's a huge problem when you look at the liability that went into effect. there wasn't an adequate roadmap to get them certified by that october 1 date.
5:08 pm
that creates a strain on u.s. commerce and consumers. scott's members have been very helpful to my members. they've been doing everything they can to help get our merchants tested and certified. it's not just their role. hardware providers, software providers, there are a ton of people involved and that's been a real challenge there. it's a process. it's one we are making progress on. there are challenges there. i want to talk about how we
5:09 pm
brought this to the united states. there is an organization governed by visa and mastercard. they control the technology that is the backend for these smart chips. one of our lessons learned early on is they manage the process well. it's an indicator that we have huge concerns about them being involved in transitioning the u.s. to digital and mobile commerce in the future. that's one of the biggest lessons and takeaways for merchants who have had to rely on the companies for this major transition. some members of congress of started to look into this and how it's organized in governed. we need to ask why we don't have a more robust four pin here in the united states. there are branches of the federal reserve studying security who point to the development of standards which they directly and explicitly
5:10 pm
reference. it may result in lesser security as well as competitive disadvantages for other companies. we have seen that happen here in the u.s.. what does this mean? we do believe that merchants will get there eventually. the certification will happen. it's not happening in a timely fashion for a lot of people. i have merchants who have 800 locations in the u.s. who have not been able to get certified. were talking about a sub set that's been able to fully deploy. we are going to disagree about small merchants. this is great for a food truck or small business. when you look at a simple
5:11 pm
independent operator grocery store, you can't have an out-of-the-box solution. you're still going to integrate your point-of-sale. this is not really realistic, even for a small independent operator. we talked a lot about what the liability shift means. i think it's important to know that merchants are covering a lot of the losses. that's something that could have been helped by putting pins on all of these products. we see a huge shift in sales to e-commerce transactions and mobile commerce. that's a good thing for the economy. a lot of those losses being born in that channel are by the merchant community. we have this counterfeit liability shift which ranks were covering most of the fraud before.
5:12 pm
now we see a lot of that transition to the merchant, which is creating strain on smaller businesses. even some of my large businesses with 800 stores are trying to see $1 million in chargebacks every week. i think it is important to note that merchants are bullish because the charge process itself is a byproduct of signature card environment. the network rules are managed by be sarah and mastercard -- by visa and mastercard. it shows that charges are not accepted on pin transactions. when we look at it deeper, it is improved security. they noted last summer that when you look at the method equally pin-based products, they had the lowest fraud. that is a huge indicator that it is working internationally. there are several folks who agree, in addition to national
5:13 pm
banks and companies, the fbi and the new york department of consumer protection and they noted the added benefits of the security. another good example for the pin initiative in australia is where the customers and companies came together a couple of years ago to educate participants in the economy about the mandated pin on transactions at most merchants. the one exception being that quick service restaurants and other low risk, low dollar and small ticket type of merchants, where they basically said under $35, maybe you do not have to ask for a pin, but it makes sense from a policy perspective
5:14 pm
because all the banks issuing pins on them, if for some reason it is midnight at the drive-through and they want to ask for a pin, they can because it is on the product. in the u.s., if i have a customer and i say i do not like to lock my smartphone with a pin, i will not use my credit card because i got in trouble the last time i did that -- [laughter] at least hide it a little bit. if i say, i don't think i will lock my pin, apple will come in and say, i will not enable for any customers who want to put a pin on this fund protected and that would be the same as what banks are doing by not putting pins on their products. i think it is a backstop for us toward innovation in the u.s. i went to close with one other quick piece that we have not talked about and i'm sure most of you may not have it on your radar unless you pay emb debit. i noted challenges we have with certifications, and we will get
5:15 pm
there, but there are challenges. scott is right. if a merchant wants to program their point-of-sale and process emb a certain way, they can do that. in order to be pin preferring, they now have to go through this added step, which they did not have to do before when you could wrap transactions in a striped -- and a magnetic stripe environment. there is a new screen prompt and i will put these outs of folks can take a look, but essentially, it says here [indiscernible] we are seeing this popped up as a certification process that merchants who rollout emb at the point of sales. it has caught a lot of folks off guard and it was slowing down time at the checkout only cannot figure out why. people realize the screens were
5:16 pm
there and it is disingenuous in the sense that this and companies who said they did not want to put pins and products in the united states are adding a layer of complication to emb, which is already complicated process for consumers. in this sense, where customers select debit, that will route a signature transaction, leaving small businesses more open to liability on chargebacks and the less secure transaction. we have sent major concerns with this. we think it is disingenuous at this point of sales when we are not doing the simplest things we can to protect consumers. thank you very much. >> now, we're going to move to [indiscernible] i went you to offer your input and thoughts from the consumer issues perspective. >> thank you.
5:17 pm
thanks to the energy and commerce staff for securing this room. it is much appreciated. i am the president of the american consumer institute at 501 suite 3. look at a lot of issues from technology to insurance regulation, and it is good to be here today and talk about some financial and credit card issues, including the problem with fraud. starting up at a very high level, as we look at this, it is a bigger problem than all of this, but let me scroll down. we know that there are multipronged threats that affect americans, american businesses and consumers dealing from hackers and fraudsters that affects this is, government and consumer -- that affects business, government and consumer information.
5:18 pm
whether it is from nations, select government information, personal data on consumers and taxpayers, corporate espionage, the hackers received out of you in this and similar to this, what we are seeing is the value of financial information and that brings us down to it we are looking not -- what we are looking at, which is intermediaries and consumers are targeted week as of the big value of the transactional information and what it has, including credit card bank information. financial fraud is a major problem. on the whole chain of everything i addressed, it is another example where we are not doing enough and we need to do more about -- as liz stated about the credit card fraud issue -- it needs to be fully addressed. 30 million american consumers
5:19 pm
were affected in 2014 by credit card fraud. if we look at the u.s. worldwide card volume, about 24%, more than twice as that is a share of credit card fraud in the u.s. the fact is the u.s. is this a portion in the affected when you look at other countries were over 10 years, 12 years in major western where they have had a pin option, so what i see is sort of one of the simple steps to get it toward addressing this issue, and it is going to be continuous issue because hackers are this sort of stagnant group. they are very dynamic and they will figure out the next trick. if the trick is online or whatever, the thing we need to understand is that shape and pin -- chip and pin is a reasonable solution, can reduce the profits out there that people seem credit card fraud, simple,
5:20 pm
low-cost solution and an immediate solution in terms of implementing the chip and pin. the federal reserve data, which is mentioned couple of times, there is one statistic that shows that the credit card transaction could be made 700% more secure, up to 700% more secure if a pin number had been included. we heard earlier that there is 2.5 million chip and pain in use in the federal government, so they have taken the step, and it is a step that i have not seen the private industry move toward. why don't we have chip and pin? why is it not in the u.s.? one of the simple answers is that consumers are not smart
5:21 pm
enough to remember a payment number, but -- remember a pin number, but when i turn on my cell phone, ipc, a lockbox, my garage door opener, i go to banks, thanks love paint numbers. if you -- love pin numbers. the first thing they do is push the keypad toward you to put in a pin number. bottom line is atms require pins because banks are liable. a debit card, by the way -- [laughter] a debit card requires pins because banks are liable, but credit cards, they do not require pins. it is because, simply, the banks have shifted the liability, as mentioned, to merchants. had the liability stayed on the issue in banks, we would be using pins today. what it gets down to his banks
5:22 pm
are not liable, so shouldn't they be indifferent about all of this? why would they care? we are hearing arguments against pins. why? because there is money in it. they earn more on the chip and signature transaction fee then they do on the chip and pin transaction fee, so on the one side, they should the liability to somewhere else. if it is fraud, they are protected than the other side because older technology benefits from the transaction. the bottom line is the chip is better because of stopping counterfeiting, but the other side with what the pin does, if i drop of this, they could easily forge or scribble something. what the pin does is eliminate that, even online. a simple solution online is if you opt into it to get a text back and they send you an option and it gives you a pin number and you put that number online
5:23 pm
and it eliminates fraud in that manner. look, it is not the panacea. we know things are going to change down the road. there are mobile actions that may become dominant in five years or seven years. right now, we have a simple, low-cost and immediate solution for credit card fraud, and that is my position and i am sticking with it. >> thanks. i think you made a good point about pins and the fact that we use a pin so often and every day. i just cannot imagine going to an atm and putting in our card and not entering the pin. that would be a total lack of security for all of us. i went to state clearly before i go into a couple of questions for our panelists to see if any of you want to respond to anything that has been said so far from the panelists? >> she is clearly looking at me, so i will take this. on the pin, a couple of things.
5:24 pm
from my standpoint, eta is agnostic with respect to pin. we believe in chip and choice. we want them to be able to cite themselves, whether that be in, signature or nothing. my cab ride appear this morning did not ask for anything. it just took my card. reboot merchants should have that choice. a merchant, consumer or bank has the ability now to require a pin in their system. the networks can handle it, the banks can issue it and you will find 20 that have the pin. there are merchants that are moving toward a pin. the federal government asked for a pin. pin is great for getting cash back at the store.
5:25 pm
it is not so great that the toll booth or drive-through, so each merchant has a different profile and they have to decide if they want to require pin or not. if you sell high ticket items, you might want a pin, but it is up to the merchant and the technology largely exists for them to do that. pin also has challenges with implementations which is two thirds of merchants do not have the pin pad. if you would like them to do that, you have to purchase a pin pad. pin has strengths and weaknesses. there has been a lot of discussion about other technology out there. one of the challenges for pin is that it becomes a target for
5:26 pm
thieves. if a thief gets your pin, they can drain your bank account. we have seen atm fraud up in the last year in england and europe, where they use pin a lot, we have seen it increase and they can target your pin. pins are usually four digits, so there are only so many combinations, i guess you could say 10,000 if you want to make 0000 into a pin. it is not hard to crack. what might make more sense, instead of a pin, a static number that never changes, our dynamic ones. other things available now, biometrics, thumbprints, that is a form of a pin. that is more secure than a static number. we are using selfies, voice recognition, i don't think we have ruled out retinal scans yet, but all of these technologies are getting better and better. when you talk about online
5:27 pm
transactions, there is another technology being deployed. it is a way to secure your transactions online as a way to help reduce online fraud, so there are pros and cons to pins. you need to weigh all the costs and factors for each merchant. we are chip choice, it should be up to the merchant to decide what to use. thank you. >> thank you. i see you are jumping in. >> i agree that it would be great for the merchant to decide. chip and choice, as it has been coined in the u.s., is not that. to have a choice whether or not we have a pin has to be there.
5:28 pm
it is not there right now. we are deep talked about the added -- we already talked about the added security. whatever the device or medium may be with some type of pin, i think that is what scott and i can agree that pins may not be the say all and end all, but it is the best thing we have got there at market today. i think biometrics has its own challenges. a pin is more dynamic because you can change it. if somebody lifts right thumb print, which is a common thing to do, you can steal those easily, i am not going to cut my thumb off to protect my
5:29 pm
financial data, so there is real questions on how effective they are. i am not saying that they may not be the future rate they might in fact, but there is a lot to be determined there. going back to the chip and choice, i worked at the national restaurant association prior to that. talk about one of the most challenging environments. the last thing you want is somebody holding out this pin machine reaching out of your car window. maybe it does not work there, but let's go back to my example at midnight at the drive-through. if somebody is ordering $200 worth of gift cards at $100 worth of hamburgers, i may be suspicious about the transaction. for me to have that choice, the pin has to be on the project, which is not the roadmap we have chosen the u.s. i think it is important for e-commerce transactions, too. we had the last g-20 nation to go to emb. because we have done this so late, we had all the more opportunities to improve the experience with better technology. one of those being the ability to ask for pins in an e-commerce environment.
5:30 pm
i had a couple merchants role that outlasts year, and they are not seeing the benefit because some of the card networks and issuers have not agreed to support that technology for online e-commerce transactions, so i think we need to get better at that and moved to support those enhanced technologies when they are there. i want to make one more comment -- can i use your swipe things? this is unique. we talk about food trucks top of examples, but even that independent grocery store operator, all of that hardware in the u.s. has pins on them but it is a matter of programming software. you will be hard-pressed to find anything outside of these examples that will not accept a pin going forward. >> steve? steve: i don't have much to say on this other than in terms of losing your pin number, it i lose my card, it is not inscribed on it. if i lose my card and my signature is on it, you have made. here is that these and it is
5:31 pm
much easier to look at my signature and force it then to find the card and somehow know my pin number. second point, it is easy to have a situation where may be three false pins leads to a lockout and notification to the customer, so that is a simple way to make that 10,000 unique numbers somewhat hard to guess. the last thing, i am not sure how comfortable i would be, and may be time of tell, but to share my biometrics up on a server somewhere where somebody can crack and get my information. i am not sure i'm comfortable doing that right now and may be biometrics is for the future, but i think the chip and pin is something to deal with now rather than trying to think ahead. i would much rather not have my biometric information sitting on
5:32 pm
the server when i do not have control over it. >> thank you. this has been a good discussion. i think we have great points out here. scott, you brought up some of the future that we can look toward for verification and i think it is interesting to take a look at what some of those opportunities might be, and i think it is looking at what is available now, which is pins, and looking at what is available in the future, which may be excited for consumers for verification of protection. liz, i wanted to turn to you for a moment. you did bring up some of the challenges that have been faced with this certification process. i wanted to ask you if there have been any other challenges in the road, ones that have followed -- months that have followed october 1. if you wanted to highlight anything else? liz: in addition to what we
5:33 pm
said, we had inadequate timelines in the u.s. i understand that there is a real need to protect fraud, and we all talked about with the global numbers looked like and what the u.s. numbers look like compared to the global numbers, and it is quite a challenge on large businesses, midsize to small businesses, not talking about the food truck example, but some of the larger merchants in the u.s., and it has created a financial strain because there was not a roadmap to get it ready by that october 1 dates. we would love to further investigate what the impact has been on those businesses and certain losses have been filed in parts of the country already. it comes back to my key point. it has really shown that the emb companies have not been able to manage the transition in a manner that is adequate for all the payment stakeholders, and
5:34 pm
that is what we really get when you look at proprietary bodies and standards that has a few and select companies in mind and we have to move away from that if we go to digital and mobile commerce and may be talking a little bit about these organizations later, but i will pause there for now. >> sorry. we have talked about this as an issue for the retailers for the credit card companies, but this is really a consumer issue. if you are thinking about this is a consumer issue, i know as the consumer, i have dealt with fraud with two reasons. one for reasons where my card has been compromised without losing it, which the chip will
5:35 pm
help, but i have either lost or had my card stolen, which the chip am not help, which the pin with help. i would like you all to think about how do we answered this for consumers? why don't we have a pin? why have we not moved to the pin with this opportunity to add to addressing this issue on how to reduce this to step fraud situation? who would like to -- steve? steve: i will take part of that. what i was trying to say earlier is first off, there should not be an impediment for that. consumers are already using them for lockboxes, your tech devices and things such as that. they are using them on atm's,
5:36 pm
debits, so there is really no reason why we should not take the next step. in terms of consumers have the ability to do this and there are simple tricks. it is taking a favorite number or something like my old home address or something. there are many ways of coming up with more than one number to be able to recall, so that is the simple issue, but i think the reason is that the consumers are not the obstacle but the players in the market are the obstacle. why the atm and the debit card, we do have this pin numbers, the question is who is liable for the loss? if the issuing bank is not liable for it, they're not going to require the pin, so in the case of the atm in the debit
5:37 pm
where there is liability, absolutely we see a pin, but when we talk about the issuing bank when it comes to credit cards, no, they do not want a pin. it is because they have shifted the liability to merchants, one, and secondly, because the chip and signature transaction fee is higher than the chip and can, so they make money by not moving to the newest technology. them he put on the consolidated -- the economist hat. we have these problems in economics and when you have an agent, so that the issuing bank, is responsible for acting on behalf of everyone else in the environment, the credit card environment, but they are acting in ways that are unaligned with the principles, the merchants and consumers. that is what is going on here,
5:38 pm
and the solution to economics can go back to the old coast the arab. the solution -- coast theory. if they became liable for this, the problem with that got annoyed 20 years ago, so to me, i think the industry needs to step up and make this correction for the benefit of consumers. and allow for the ability for merchants to opt out, so if you run into other issues for small retailers, i understand that, but the point is to say that simply consumers -- they do not want this, and there is survey research that says they do not. consumers that actually use the pin for atms did not have problems using them with credit cards. it is one of those issues that i think what we need to do is move ahead, get that in place and let's reduce the fraud and clean this up and take profit out of fraud, and that in itself will be a big step in reducing this.
5:39 pm
everyone is chasing the value of the money. just as i said earlier, you have broken nations trying to take down the internet or control infrastructure with cyber security threats. it is the same kind of thing. we need to take the value out of that and this is a simple, effective and low-cost means of doing that, to require the pin. liz: i agree with most of what steve said and we have to think about how the chargeback process works, and that is one of the reasons this model has stayed in place. we are not talking about pushing up fraud up of consumers, but those responsible need to step up, either play a bigger role in bearing the fraud toward they should not be managing this process.
5:40 pm
they put themselves in a role that has created distance in the marketplace to reduce fraud, so i think that is important. i think initiatives like the white house initiative is a great means to help educate consumers on the benefits of chip and pin, so major kudos to the white house forever thing they are doing to drive the market in the right direction. i think we need to educate consumers on the benefit. not just protecting the product like we do with the chip, but authenticating the cardholder, be if you pin, biometrics or [indiscernible] i do think we need to speed up certification and that involves a lot of companies getting more involved in that. i noted that they are doing a great job in helping merchants to get there, but we need the
5:41 pm
rest of the stakeholders to move us forward. as a consumer, i go into one of my local retailers, and even as a payment professional, i don't know where i am going to swipe my card these days because we did have this october 1 liability ship dates and consumers were led to believe that ship cards are going to be the end-all and say all as of october 1 and you could use them everywhere. we have got to get rid of this screen as the default process. this adds customer confusion and it does not make sense. it is disingenuous to slow up an already new learning process with screens that will benefit some companies and create added confusion for retailers and customers. >> thank you. >> i would be happy to continue on, but a couple thoughts. first, let's start off with the basic principle behind us consumers, we are talking about
5:42 pm
the liability ship. there is no change in the liability to consumers. the industry goes farther than federal law requires in terms of providing protection against fraud. federal law allows us to charge consumers for the first $50 of fraud, but read, the industry, have gone further than we need to there. we have a liability shift. it is a temporary measure that moves the liability to the party, the banker at the merchant, who was using the old technology. the liability has always had it. i think steve was talking about the liability on the banks and that would do something different, but they have always had that liability. once the merchant is upgraded to chip, that liability brings the chip back to the issuing bank, so this is simply a temporary shift to provide incentive in the marketplace for the merchant to do this upgrade to attack in-store counterfeit fraud. in terms of the pin itself, there are techniques that exist right now.
5:43 pm
my bank when i go to make a purchase will send me a text saying did you really need to buy -- did you really mean to buy that big tv? my bank can do that for me now. that type of method works perfectly. wants eight in on their card, if a retailer once to accept a pin, there is the technology that exists to do so today. there is another risk to the merchant. if the consumer box and without a pin card, that transaction doesn't get go through. or the customer has to use a different card. additionally, if you think about the liability shift here,
5:44 pm
whoever is using the technology that will have the liability, that card turns out to be counterfeit, the merchant just increase their liability by forcing a pin to follow the transaction. than the liability would not be on the bank but on the merchant demanding the pin. under the durban rules, the merchant is given a choice to route the debit card transaction. the merchant under the law has to make a choice through which network they want to route that transaction. if the merchant makes a choice, they will have to make the choice which network to route the transaction over. if the merchant doesn't make that choice, and there are 8
5:45 pm
million merchants so it's going to happen once, that screen will, but because the debit card network doesn't know where to route the transaction. that screen is designed as a default so that we know how to route the transaction. i'm cutting through the technical pieces. i'm sure liz has some comments, but we have to implement the law that senator durbin and the dodd frank institute implemented. and finally, just one more point on the timing. on the timing on the transition, the timing to chip cards was announced in 2011. during that time frame, there's a window to be getting ready and there are various benchmarks along the way. one of the questions to ask, and this is a hypothetical, when did the merchant approach their process?
5:46 pm
some merchants approached on a timely manner. some, like me, waited. i wait until christmas eve to do my shopping. i always cram for finals and pull all nighters. some merchants may have waited longer than necessary. that is up to them. i cannot speak for all merchants. one of the challenges is because we have all of these different debit networks, we need to come up with a common language for all the cards to work on the networks. part of the challenge was we did not have the law or regulations around senator durbin's language . until the court of appeals ruled with the fed in march of 2014. three months later that common , language came out and was available. part of the delay was the legal wranglings over the durban provision.
5:47 pm
you could argue there might have been more time where merchants may not have had a reason to wait, but that was part of the holdup in getting us to where we are at this point right now. >> i have a response from both liz and steve. steve signaled me first. >> once the liability shift takes place, and those costs are then incurred by it is a misnomer to say that somehow those costs don't go to consumers in the form of higher prices. it is an indirect cost to consumers. the fact there was this liability shift absolutely puts consumers on the line. it is like saying shoplifting doesn't cop -- shoplifting doesn't affect the cost of your goods.
5:48 pm
>> i will chime in a couple of small things before we go into debit routing. scott mentioned banks always have the liability. somebody re-creates that magnetic card and swipes it, which can happen with cards because we are perpetuating mag stripes in the back of this. it is actually resulting in a lot of fraud shift right now. we heard about that from law enforcement authorities. not shrinking, but the merchants who haven't , in able to get the ploy 100% agree. there are merchants who waited too late.
5:49 pm
they haven't been able to get there and is a huge problem. the transaction pieces are an interesting item. take a they may want to look into -- we have reason to believe some of the larger banks are reducing their transaction monitoring because of the incentives that are out there. i don't have any concrete proof of that right now. a certainover purchase amount, i would love to know of that is still happening. that would be a great thing for folks to start looking into and what the impact of transaction fraud monitoring would be. i think that covers everything. i think this is a really important piece. competition is really important. it helps create efficiency and security, efficiencies and cost, and ultimately efficiencies for consumers.
5:50 pm
what the amendment did is it said there had become petition in routing on debit card transactions. intomebody were to hack the largest payment card networks out there and you didn't have a second option on that card, that becomes a real problem for u.s. commerce. i hope we are never in that vote. we see it all the time and groceries with ebt transactions. the same should be for private cards. does is amendment inject the competition back into cards. that is a very good thing. imagine a world where the only orion to route transactions the set our mastercard or one of the global networks. not only is that that from a security standpoint, but it disadvantages the u.s. domestic
5:51 pm
networks who are competing for business, and who are very important and critical to the u.s. economy. if the merchant's not doing smart routing, this pops up regardless. a merchant can program their point-of-sale. this is the default certification. i have merchants who do smart routing and it has messed up their smart routing. this is a byproduct of what came out of -- here is one of the best way it can rollout emd in the u.s.. this is unnecessarily creating consumer confusion. as far as getting domestic debit cards here in the u.s., the biggest challenge was not a pending lawsuit, it was that the
5:52 pm
companies did not want to open up their technology. concernsand their there, but we are talking about 20-year-old technology, it is not new. the fact major car brands weren't willing to open up the ability for domestic debit cards to get their networks really was just about market share competition. i think the amendment has enhanced that competition that can exist. absent that competition we would be in a dangerous spot with rollouts in the u.s.. that is one of the reasons we had major concerns with them playing any larger role in mobile commerce. because the lack of competition that could result. >> i'm going to move the audience in one minute. patient, and very
5:53 pm
we did mention just a moment ago , we are so pleased that the administration has been helpful in educating us about this issue. i wanted to see if there's anything you wanted to add before he moved to queue and day q to queue and a -- to &a?. >> the president was pretty robust in saying -- we can be technology neutral and innovation beyond a pen itself. but we are looking for a system that authentec -- that authenticates the chip at the terminal. i know many of the companies are
5:54 pm
looking at these innovative models. and are coming up with great technology. with the consumer cyber security campaign we have been working on, a lot of companies have come to the table and said this may not even multi factor identification, which is what we are focusing the campaign on. i know that they may have encryption and have different tools to help consumers online. from the white house perspective, whatever you can bring for security, we want to see it. please want to see the next frontier of where we can go. >> what i'm hearing you say is right now it is chip and then? -- chip and pin? thank you, camille.
5:55 pm
to see what questions you might have for our panelists. you could identify yourself and speak as loudly as you can so we catch it on the cameras. >> if chip and pin, the main problem it solves is lost or stolen cards, would they make of the overall loss due to the picture. >> half the fraud is online, half the fraud is in store. is aboutof the fraud 70% and going to be the counterweight -- counterfeit card. thing to pointal
5:56 pm
out, talking about the fallback transactions, chip and pin would use counterfeit cards in that sort of instance where somebody has come in with a chip card and falling back on the magstripe card. useful to talk about how pin can be used with online transactions? that is something we haven't really delved into. is that something we could explore as well? is there someone who might want to talk about that? >> it has actually been out there for quite some time. it pays secure. that has been successfully deployed in india. they might be able to move that forward.
5:57 pm
private businesses, airlines, department stores to deploy the technology, and allows you to prompt the customer for a pin, if what they are using has one and enables to buy the networks on that card. does coordinate mapping, so you are never gathering the pin. it is a very secure solution. the capacity online is absolutely at the market here in the u.s.. we're hoping for further adoption, especially for the retailers that invested to deploy the technology. >> in addition to thinking about it another way to tackle this problem is a concept called tokenize a show in. while the u.s. is catching up to the rest of the world and the terms of chip, we are ahead in terms of tokenize nation. we are creating a token in
5:58 pm
mathematical representation of your number. it is not actually your card. cann online setting, you create a token that is assigned to you. whenever you make a purchase , it doesn't actually store your credit card number, just a representation of it. fraud.lps reduce amazon will say you can't use the card because the car they are trying to use is the actual number and has been created for your card in that scenario. it is another way and already now ineployed by many many scenarios. >> in addition to that i think there is another option that popped up here and there. at least a short-term one.
5:59 pm
accountant you regularly use, they have your cell phone anyway and they send you a specific pin number that you would then put into closed transaction. these are good ideas to go forward with. it tole we don't consider new technology, it is really good as far as far pretense -- as well as fraud put -- as well as fraud prevention technology. not all types of tokenization are created equal. scott mentioned pepin -- mentioned payment, done on apple pay. this is a good customer experience. have concerns with certain
6:00 pm
retailers as far as the backend security. that solution was developed out of the people that brought emb to the u.s.. and we have concerns there that are similar to the ones i already race about a handful of companies mentioning a proprietary set of standards. additionally it disrupts some of our e-commerce transaction. there are some concerns, but i agree it is the right way we should be heading. we then have in-house tokenization. about a year and a half ago we did a loose survey of our worship. -- of our membership. 50% more have already started
6:01 pm
the process, and we will see that number grow when you look at encryption solutions. young restaurants said that as a top priority for them. and environments like restaurants and hospitality, where you see a number of malware attacks on the system, they can do a lot to protect that merchant from infiltrating. third-party,e is which is a service that has rolled out. not all merchants are sophisticated enough to do it in-house tokenize nation. a lot of members provide a great service. if you operate and in present
6:02 pm
environment, you have to have your back office matching. deploy you started to some of these encryption solutions for your online business, you really had to wait until you are ready to roll out to make it match up. while merchants have come close to deploying the solutions, there has been a hold up on getting these out to market. , -- >> there is a theme, and that is trying to devalue your payment card information, whether it is adding a token, encrypting it. that is one of the goals of to end fraud,fer which is one of the primary goals. going to protect it, it is going to require
6:03 pm
multiple steps. all of that is designed with one thing in mind. the thieves will build an 11 foot ladder. there will be some new threat. this is a constantly moving target and we must continue to deploy resources to protect the system and its consumers and retailers. you can go to the restaurant, you can visit your favorite retailers, or your favorite parks, and the transaction will go through. that -- making sure right transactions go through, that is the guiding principle.
6:04 pm
>> that sounds like the one minute closing remark i was going to give. let me see if anybody has another question? identify yourself. is as you talk about this technology and the consumers versus retailers, i can see scammers starting to stare from the smaller operations. what is the cost association to upgrading those systems. >> the answer is it depends. if you are trying to upgrade to a chip, can be as low as $50.
6:05 pm
the more complexity the increased and cost -- increasing cost. that is in terms of the hardware. in terms of wall this is going on, if there is a counterfeit card fraud, currently if you are the party using the old technology, then you will be currently liable for that counterfeit loss. camille: one of the things that is remarkable about this market is the innovation that has come out in the last few years. there are increasingly new products that have increasingly complex systems. depending on what your definition of what retailers and others can use. reader, very small chip you can have an on the counter terminal for a very low price.
6:06 pm
>> i would echo everything that has already been said. you can't buy some solutions that are more affordable if you are a small business to integrate something like a server station at a restaurant. it is not just a counter service restaurant. you see most smaller merchants upgrade their point-of-sale hardware. and somen come in environments have an attachment that is a chip reader. then you have the time to bring somebody in, the program to make sure hardware and software. cool --finitely one definitely one tool in the toolbox.
6:07 pm
>> we have time for one more quick question. i have one person in the back who has not asked a question. >> my name is william cunningham. you have talked about data protection and vulnerable communities. specifically thinking of a case we have been made aware of within a shelter. sure,w, i'm not quite using technology to get her locations and cause an issue at the shelter. i'm just putting that out there. >> i don't know this is isolated to a credit card issue. it is fully important.
6:08 pm
this is true with online companies and merchants and banks and everyone in the environment. personalction of information, its retention and use, notifying consumers and having an ability to opt out. in some cases people don't realize you have your cell phone on and it is being stored somewhere. you have a gps or a restaurant finder or something. had ajor online provider file released on it. how do you know which person has the mac? would know.wner but i'm just saying it is possible. it is really important in this whole scheme of things. right down to it,
6:09 pm
it is so important to make sure everybody in the environment has responsibility for storing and protecting, making sure the servers and things have firewalls and protection and other services to protect them, that consumers are aware of the retention life and how that information will be used. some of this information is used for marketing. it is a good question though. talked a lot about mobile commerce, and there are studies that show a lot of on and under banks use smart phones as their primary means of accessing the internet. that opens up a whole new market of folks who may be paying with this device. security of payment data as well as other consumer data is absolutely paramount. as we go through one of the primary priorities, if we except apple pay or android pay in our
6:10 pm
store, it is very important we have a bilateral agreement with those companies to ensure we know how that data is being managed and used to better protect our customers. >> thank you. down, if youto run could just give us your 45 second closing comments. seconds, because your last remark set it all. camille, if you would just start. >> the consumer information has been fundamental of the administration over the last eight years. digital and it is the
6:11 pm
first time we have really had to confront these challenges. you can take the segment of the economy that needs some security steps and actually do smart and tactical implementation of security. we hope they confront privacy and security. they use this as a model in small places where they need steps, but also looking at the entire environment. that is something that still needs to be done. >> i hate to borrow the line that which unites us is greater than that which divides us. we have done many of these panels. 60% and we put in all share the common goals of
6:12 pm
trying to ensure safety of the system. whether it is their data, whether it is their privacy or their location, all of those are simultaneous goals we share to making sure you get -- >> i'm not sure i can put it better than that. we probably agree 80% of the time. somewhere, but not often. it is all about protecting consumers and protecting economy. one thing i will leave folks with is a take away. as we move into the digital and mobile commerce space, lesson learned from emd. really we need to be thinking outside the box. let's not look to the same traditional payment companies we have looked at time and time again to facilitate payments. we are talking about commerce here.
6:13 pm
i don't see mobile payments, i see mobile commerce. so much added value we can bring to consumers every day to move into those new platforms. >> technology is a great tool. are seeing online are a lot of options available for and issuing banks to protections,ecure which will ultimately benefit consumers. i think the technology is here. i agree with what they said about the latter getting higher all the time. i don't think right now consumers are the impediment toward moving the pin. i think that is a good and file
6:14 pm
option to protecting their information. what i have heard is the discovery card and the ceo has agreed that it is a good option. i will close by saying i think it is a simple low-cost and immediate way of addressing credit card -- credit card fraud. >> thank you all for coming and thank you to our extraordinary panelists today. please take a cookie before you leave. thank you again to everyone for being here. [applause] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]
6:15 pm
i will shoot it over to you, we have a whole bunch. >> the background is always useful.
6:16 pm
>> thank you guys. >> yes. >> on this week's newsmakers, puerto rico governor -- he will talk about the
6:17 pm
territorial governments debt crisis and what is next after missing a $300 billion bond payments next week. sunday at 10 a.m. and 6 p.m. eastern on c-span. this weekend, the c-span city to her, hosted by charter and time warner cable partners, takes you to sin bernadino california to explore the history and literary culture of this city. 14 people were killed and 22 were seriously injured in a terrorist attack at the inland regional center. we talk with a congressman about the attack and recovery efforts. >> one we talk about the fight it is notrror, something in the abstract anymore. it is something that mean something.
6:18 pm
this isn't a big city here in san bernardino that was attacked, this could happen anywhere. >> we will also speak with -- about establishing a permanent memorial to the victims of the attack. >> it provides a sense of remembrance and highlights their lives and what they have contributed to our local community. it will be a near and dear place for us. a place of serenity. we are thinking a prayer chapel around this area. >> we will learn about the family of wyatt earp. his book talks about their notoriety and connection to san bernardino. tothe connection goes back of wyattn the father earp, his name was nicholas earp.
6:19 pm
he basically left his family temporarily. they were living in illinois. he came back to the midwest and ventured down to southern california, passing through the san bernardino valley. >> we will visit the san bernardino history and railroad museum and talk about the importance with alan bone, san bernard a no historical society vice president, located in the depot. >> construction was completed in 1918 and replaced a wooden structure that was approximately 100 yards east here. why it was built a lot larger than it was needed, because they decided to house the division headquarters at this location at that time.

33 Views

info Stream Only

Uploaded by TV Archive on